Role in IT decision-making process:Align Business & IT GoalsCreate IT StrategyDetermine IT NeedsManage Vendor RelationshipsEvaluate/Specify Brands or VendorsOther RoleAuthorize PurchasesNot Involved

Work Phone:

Company:

Company Size:

Industry:

Street Address

City:

Zip/postal code

State/Province:

Country:

Occasionally, we send subscribers special offers from select partners. Would you like to receive these special partner offers via e-mail?YesNo

Your registration with Eweek will include the following free email newsletter(s):News & Views

By submitting your wireless number, you agree that eWEEK, its related properties, and vendor partners providing content you view may contact you using contact center technology. Your consent is not required to view content or use site features.

By clicking on the "Register" button below, I agree that I have carefully read the Terms of Service and the Privacy Policy and I agree to be legally bound by all such terms.

WEBINAR:On-Demand

Yubico announced its 5 Series security keys on Sept. 24, providing organizations with enhanced hardware to improve authentication security.

Yubico develops a hardware-based authentication device known as the YubiKey, which provides support for different authentication protocols. Organizations can use YubiKeys to enable different types of multifactor authentication and password-less authentication approaches.

"Our new YubiKey 5 Series is comprised of four different form factors and are multiprotocol security keys," Jerrod Chong, senior vice president of product at Yubico, told eWEEK.

Further reading

The YubiKey Series 5 includes the YubiKey 5 NFC, YubiKey 5C, YubiKey 5 Nano and YubiKey 5C Nano. Each device includes the protocols included in the YubiKey 4 series: FIDO U2F, PIV (smart card), OpenPGP, Yubico OTP, OATH-TOTP, OATH-HOTP and challenge-response, he said.

"What is added are two new features: FIDO2/WebAuthn on all of the devices and NFC [near-field communication] on the USB-A keychain design," Chong said. "For users familiar with our products, our YubiKey 5 NFC is the best combination of our YubiKey 4, YubiKey NEO and security key."

The FIDO (Fast Identity Online) Alliance is a group that develops strong authentication protocols for MFA. The 1.0 version of the FIDO specifications were published in 2014, and FIDO has since updated to FIDO2, which is also being adopted as part of the W3C's WebAuthn authentication standard that is currently in the process of being finalized. Chong said that WebAuthn-supported browsers include Chrome and Firefox by default, and it is also supported in Microsoft Edge in build 17723 on Windows Insider.

"We anticipate several keys announcements in the near future about services supporting FIDO2," Chong said.

NFC

NFC enables a tap-and-go type of authentication, such that user doesn't always need to enter a username and password to get access to service.

"With YubiKey 5 NFC, we now can enable all use cases for the various authentication protocols over NFC including FIDO2," Chong said. "YubiKey 5 NFC supports U2F [Universal 2nd Factor] over NFC on Android devices using Google services. We will soon also support WebAuthn over NFC on Windows 10 devices for the FIDO2 tap-and-go experience."

Chong added that iOS devices that cannot support FIDO U2F or FIDO2 over NFC at this time can still use YubiKey 5 NFC in OTP (One Time Password) mode over NFC for authentication, such as Lastpass for iOS.

Password-less

While YubiKeys have typically been considered for use as part of an MFA approach, they can also be used for single-factor authentication, requiring no username or password to log in to a supported service (password-less).

"FIDO2 is the first open authentication protocol that can take tap-and-go authentication to the masses. Many existing tap-and-go solutions are proprietary and based on weak static credentials," Chong said. "Strong single-factor authentication using public key cryptography sets a new bar for quick and easy authentication with significantly higher security, deployability and productivity."

Additionally, Chong said YubiKey Series 5 can be used in conjunction with a PIN for user verification, which the user would be able to set themselves for that YubiKey (touch + PIN). In that scenario, the PIN unlocks the YubiKey locally and touch is still required for the YubiKey to perform the authentication. That PIN provides the high assurance by requiring that second step to unlock the YubiKey when logging in.

Security Key Usage

Yubico has found success with its YubiKey in many different types of deployments around the world. In 2014, CERN, the European Organization for Nuclear Research, announced that it was using YubiKey technology to help secure access to its applications. Facebook, GitHub and Google have also been users of Yubico security key technology.

In 2016, Google published a study based on two years of security key usage and found that the technology helped to improve security. In 2018, Google announced that it was building and selling its own security key called Titan, which is now a rival to Yubico's YubiKey.

Chong said that Google's Titan security key currently supports FIDO's U2F protocol, which can help users securely access Gmail, Dropbox and Twitter, among other services. In contrast, he noted that the YubiKey 5 Series supports a wider range of strong authentication protocols, including FIDO2, FIDO U2F, PIV (smart card), OpenPGP, Yubico OTP, OATH-TOTP, OATH-HOTP and challenge-response, in a single device over both USB-A and NFC (keychain design), as well as in USB-C form factors.

Alongside the Series 5 update, Yubico has updated its software tools that help organizations manage the keys. Looking forward, Chong said Yubico is always looking for ways to innovate and introduce its technology to new markets and use cases.

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

Advertiser Disclosure:
Some of the products that appear on this site are from companies from which QuinStreet receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. QuinStreet does not include all companies or all types of products available in the marketplace.